Senior Identity & Access Management Engineer
We are UMG, the Universal Music Group. We are the world's leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
We are currently seeking an identity and access management specialist with deep level expertise in Active Directory as well as experience in MS Office 365 administration, and Okta. As a key member of the UMG Technical Services team, the Sr Identity and Access Management Engineer is responsible for to ensure our Identity Management environment, including Active Directory functions at peak efficiency. The position will be a team player working to expand the integration of our identity management solutions with our enterprise applications, support day-to-day administration, reporting, troubleshooting, and operations of our Identity Management environment.
In addition to having strong technical skills, you must be comfortable in effectively communicating with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.
- Provides subject matter expertise in the design, development, testing, implementation, and integration of Identity and Access Management (IAM) systems and solutions. Utilize best practices to ensures that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss.
- Identifies strategic opportunities for improvement of Identity Management based on industry trends, best practices and business needs. Collaborate with the management team to formulate and execute action plans against identified opportunities.
- Guides and facilitates the successful and on-time completion of major programs and projects. Facilitate the continuous adoption, training, communication, and education of IAM capabilities, functions, and standards
- Leads the identification, analysis, and resolution of system design weaknesses. Troubleshoots and manages the resolution of issues related identities, systems, access, accounts, authentication, authorization, entitlements, and permissions. Determines and recommends the most appropriate response to identified more complex problems, issues and/or defects by assessing impact and prioritization
- Troubleshoots, supports and resolves system incidents, problems and changes, as required
- Provides ITIL based operational support and acts as a technical resource for the Active Directory infrastructure, including incident, change, and problem management
- Provides support of on premise and cloud-based equipment and configuration including but not limited to Domain Controllers, SaaS applications such as Azure Active Directory, O365, Okta, MIM, and Active Roles servers.
- Complete the key metric reporting and analysis for the Identity Management environment as required.
- Work to ensure audit tasks related to Identity Management are completed on time, with participation of appropriate parties
- Utilize industry best practices for appropriate standards, processes, procedures, tools, and documentation.
- Ensure the maintenance, patching, operating, and monitoring of IAM systems is in place and completed.
- Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable
- Exceptional technical skills in the Identity Management space, including Active Directory 2008 through Active Directory 2016
- Understanding of Skype for Business group/system policies, survivable branch appliances, unified messaging, and federation desired
- A high level of technical ability for troubleshooting and problem analysis is required, along with the ability to clearly communicate the results of problem analysis to business stakeholders, IT support teams, and network providers to quickly and effectively resolve operational issues.
- Technical competence in the following:
- Component services & areas: domain design, DDNS, DHCP, Activesync, Outlook client, Spam filtering, Virus services
- Relevant management & operational tooling: NetIQ Security & Application Mgr, QUEST, Insight mgt and Microsoft Administration tools
- Directory Services, Directory services replication/synchronization, Kerberos, Active Directory compliance for Schema Extensions, DEA (Directory Enabled Applications), SMTP Query management, S-LDAP, AD integration security, federation services and Forest system context management for application services.
- Adept at PowerShell & VB scripting, regular expressions, policy management, etc. Additional experience in one or more scripting languages such as Python, Ansible, or JSON is a plus
- Must be comfortable in effectively communicating with multiple internal/external stakeholders in a global business environment.
- Customer service driven/focused with a proactive and positive can-do approach. Demonstrates commitment to organization's policy framework and practices continuous improvement.
- Demonstrated organizational skills, attention to detail and ability to work both independently and as part of a team. As a senior member of the team, ability to work unsupervised, prioritize own workload, and mentor other team members as necessary is essential
- Has the ability to foster a team environment in a global fast-paced enterprise, adjust to changing priorities and schedules, and balance support and project work
- Minimum of 7 years directly related experience in Identity & Access Management (IAM)
- International experience beneficial; multiple language skills a plus
- Experience troubleshooting, managing, and solving issues related to identities, systems, access, accounts, authentication, authorization, entitlements, and permissions
- Hands on experience of Active Directory operation and support including Active Directory Infrastructure components (FSMO roles), delegated administration, group policies, OU admin & Site replication, ADFS, Exchange operation and support including OWA, SMTP services, routing / costing
- Experience of client system dependencies, e.g. logon script using VBScript, ADSI, XMLDom, and LDAP queries
- Demonstrated current work experience engineering, customizing, and integrating IAM solutions such as Azure Active Directory, Active Roles, Duo, MIM, CyberArk, Duo, Okta, ForgeRock, PingFederate, and SiteMinder
- Hands-on experience and skills with systems such as Skype for Business (on-prem, hybrid, and online), O365, and Service Now are required. Experience with ServiceNow orchestration into Active Directory & O365 is a plus.
- Experience with security protocols such as S-LDAP, SAML, WS-Federation, SCIM, OAuth, and OIDC
- Bachelor's Degree in Computer Science or Engineering or closely related field or comparable education and experience preferred
- IT Certifications including MCSE Certification specialization in Identity Management, CISSP, and ITIL v3 Foundations certifications desired
Universal Music Group is an Equal Opportunity Employer.
This job description only provides an overview of job responsibilities that are subject to change.